//package com.goodskill.oauth2.authserver.config;
//
//import com.nimbusds.jose.jwk.JWKSet;
//import com.nimbusds.jose.jwk.RSAKey;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.security.authentication.AuthenticationManager;
//import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
//import org.springframework.security.core.userdetails.User;
//import org.springframework.security.core.userdetails.UserDetailsService;
//import org.springframework.security.crypto.factory.PasswordEncoderFactories;
//import org.springframework.security.crypto.password.PasswordEncoder;
//import org.springframework.web.bind.annotation.GetMapping;
//import org.springframework.web.bind.annotation.ResponseBody;
//
//import java.math.BigInteger;
//import java.security.KeyFactory;
//import java.security.KeyPair;
//import java.security.Principal;
//import java.security.interfaces.RSAPublicKey;
//import java.security.spec.RSAPrivateKeySpec;
//import java.security.spec.RSAPublicKeySpec;
//import java.util.ArrayList;
//import java.util.HashMap;
//import java.util.List;
//import java.util.Map;
//
//@Configuration
//public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
////
////    @Autowired
////    DataSource dataSource;
//
//    @Bean
//    PasswordEncoder passwordEncoder() {
//        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
//    }
//
//    @Override
//    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
//        clients.inMemory().withClient("first-client")
//                .secret(passwordEncoder().encode("noonewilleverguess"))
//                .scopes("resource:read")
//                .authorizedGrantTypes("authorization_code", "password")
//                .redirectUris("http://localhost:19021/login/oauth2/code/goodskill",
//                        "http://www.goodskill.com:8080/login/oauth2/code/goodskill")
//                .and()
//                .withClient("second-client")
//                .secret(passwordEncoder().encode("noonewilleverguess"))
//                .scopes("resource:read")
//                .authorizedGrantTypes("authorization_code", "password")
//                .redirectUris(
//                        "http://www.goodskill.com:8080/login/oauth2/code/goodskill",
//                        "http://localhost:19021/login/oauth2/code/goodskill"
//                        )
//        ;
//    }
//}
//
//@Configuration
//class JwkSetConfiguration extends AuthorizationServerConfigurerAdapter {
//
//    AuthenticationManager authenticationManager;
//    KeyPair keyPair;
//    UserDetailsService userDetailsService;
//
//    public JwkSetConfiguration(AuthenticationConfiguration authenticationConfiguration,
//                               KeyPair keyPair, UserDetailsService userDetailsService) throws Exception {
//
//        this.authenticationManager = authenticationConfiguration.getAuthenticationManager();
//        this.keyPair = keyPair;
//        this.userDetailsService = userDetailsService;
//    }
//
//    // ... client configuration, etc.
//
//    @Override
//    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
//        // @formatter:off
//        TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
//        List<TokenEnhancer> delegates = new ArrayList<>();
//        delegates.add(tokenEnhancer());
//        delegates.add(accessTokenConverter());
//        enhancerChain.setTokenEnhancers(delegates); //配置JWT的内容增强器
//        endpoints
//                //配置管理器
//                .authenticationManager(authenticationManager)
//                //设置用户
//                .userDetailsService(userDetailsService) //配置加载用户信息的服务
//                //设置token
//                .accessTokenConverter(accessTokenConverter())
//                //设置增强token
//                .tokenEnhancer(enhancerChain);
//        // @formatter:on
//    }
//
//    @Bean
//    public TokenEnhancer tokenEnhancer() {
//        return (accessToken, authentication) -> {
//            User securityUser = (User) authentication.getPrincipal();
//            Map<String, Object> info = new HashMap<>();
//            //把用户ID设置到JWT中
//            info.put("name", securityUser.getUsername());
//            ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(info);
//            return accessToken;
//        };
//    }
//
//    @Bean
//    public TokenStore tokenStore() {
//        return new JwtTokenStore(accessTokenConverter());
//    }
//
//    @Bean
//    public JwtAccessTokenConverter accessTokenConverter() {
//        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
//        converter.setKeyPair(this.keyPair);
//        return converter;
//    }
//}
//
//@FrameworkEndpoint
//class JwkSetEndpoint {
//    KeyPair keyPair;
//
//    public JwkSetEndpoint(KeyPair keyPair) {
//        this.keyPair = keyPair;
//    }
//
//    @GetMapping("/.well-known/jwks.json")
//    @ResponseBody
//    public Map<String, Object> getKey(Principal principal) {
//        RSAPublicKey publicKey = (RSAPublicKey) this.keyPair.getPublic();
//        RSAKey key = new RSAKey.Builder(publicKey).build();
//        return new JWKSet(key).toJSONObject();
//    }
//}
//
///**
// * An Authorization Server will more typically have a key rotation strategy, and the keys will not
// * be hard-coded into the application code.
// *
// * For simplicity, though, this sample doesn't demonstrate key rotation.
// */
//@Configuration
//class KeyConfig {
//    @Bean
//    KeyPair keyPair() {
//        try {
//            String privateExponent = "3851612021791312596791631935569878540203393691253311342052463788814433805390794604753109719790052408607029530149004451377846406736413270923596916756321977922303381344613407820854322190592787335193581632323728135479679928871596911841005827348430783250026013354350760878678723915119966019947072651782000702927096735228356171563532131162414366310012554312756036441054404004920678199077822575051043273088621405687950081861819700809912238863867947415641838115425624808671834312114785499017269379478439158796130804789241476050832773822038351367878951389438751088021113551495469440016698505614123035099067172660197922333993";
//            String modulus = "18044398961479537755088511127417480155072543594514852056908450877656126120801808993616738273349107491806340290040410660515399239279742407357192875363433659810851147557504389760192273458065587503508596714389889971758652047927503525007076910925306186421971180013159326306810174367375596043267660331677530921991343349336096643043840224352451615452251387611820750171352353189973315443889352557807329336576421211370350554195530374360110583327093711721857129170040527236951522127488980970085401773781530555922385755722534685479501240842392531455355164896023070459024737908929308707435474197069199421373363801477026083786683";
//            String exponent = "65537";
//
//            RSAPublicKeySpec publicSpec = new RSAPublicKeySpec(new BigInteger(modulus), new BigInteger(exponent));
//            RSAPrivateKeySpec privateSpec = new RSAPrivateKeySpec(new BigInteger(modulus), new BigInteger(privateExponent));
//            KeyFactory factory = KeyFactory.getInstance("RSA");
//            return new KeyPair(factory.generatePublic(publicSpec), factory.generatePrivate(privateSpec));
//        } catch ( Exception e ) {
//            throw new IllegalArgumentException(e);
//        }
//    }
//}
